<?php
    require ('db_connection.php');
    $oldPass = $_POST['oldPass'];
    $newPass = $_POST['newPass'];
    $cnewPass = $_POST['cnewPass'];
    $adminID = $_GET['adminID'];
    
    $query1 = "SELECT password('$oldPass')";
    $result1 = mysql_query($query1);
    while ($row = mysql_fetch_array($result1))
    {
      $datingPass = $row["password('$oldPass')"];

    }
    
    $qpass = "SELECT * FROM tbladmin WHERE adminID='$adminID'";
    $rpass = mysql_query($qpass);
    while ($row = mysql_fetch_array($rpass))
    {
      $pass = $row['password'];
    }
    
    if($datingPass==$pass)
    {
        if($newPass==$cnewPass)
        {
            $query = "UPDATE tbladmin SET password=PASSWORD('$newPass') WHERE adminID='$adminID'";
            $result = mysql_query($query);

            if($result)
            {
              echo " <script>alert('Change password successful!')</script> ";
              echo ("<script> document.location.href='admin.php'</script>");
            }
            else
            {
              echo " <script>alert('Update failed!')</script> ";
              echo ("<script> history.back();</script>");
            }
        }
        else
        {
            echo " <script>alert('Verify password1!')</script> ";
            echo ("<script> history.back();</script>");
        }
    }
    else
    {
        echo " <script>alert('Verify password2!')</script> ";
        echo ("<script> history.back();</script>");
    }

    
?>
